hosts/main.yml

---
- name: "Prepare AAP Installation"
  hosts: aap_controllers:automation_hub:eda_controllers
  gather_facts: true
  become: true
  vars_files:
    - '~/agof_vault.yml'
  tasks:
    - name: "Download AAP"
      ansible.builtin.include_role:
        name: roles/aap_download

- name: "Configure controller"
  hosts: aap_controllers
  gather_facts: true
  become: true
  vars_files:
    - '~/agof_vault.yml'
  tasks:
    - name: "Install AAP"
      ansible.builtin.include_role:
        name: roles/control_node
      vars:
        controllerinstall: true

- name: "Configure Automation Hub"
  hosts: automation_hub
  gather_facts: true
  become: true
  vars_files:
    - '~/agof_vault.yml'
  tasks:
    - name: "Configure Automation Hub"
      ansible.builtin.include_role:
        name: roles/private_automation_hub
      when:
        - automation_hub|bool

- name: "Configure Event Driven Automation Controller"
  hosts: eda_controllers
  gather_facts: true
  become: true
  vars_files:
    - '~/agof_vault.yml'
  tasks:
    - name: "Configure EDA Controllers"
      ansible.builtin.include_role:
        name: roles/eda_controller
      when:
        - eda|bool

- name: "Mutually trust CA certs"
  hosts: aap_controllers:automation_hub:eda_controllers
  gather_facts: true
  become: true
  vars_files:
    - '~/agof_vault.yml'
  tasks:
    - name: "Retrieve CA bundles"
      ansible.builtin.slurp:
        src: /etc/pki/ca-trust/source/anchors/ansible-automation-platform-managed-ca-cert.crt
      register: ca_slurp
      when:
        - (automation_hub|bool or eda|bool)

    - name: "Deploy CA bundles"
      ansible.builtin.copy:
        content: "{{ hostvars[item].ca_slurp.content | b64decode }}"
        dest: "/etc/pki/ca-trust/source/anchors/{{ item }}-ca-bundle.crt"
        mode: "0644"
        owner: root
        group: root
      loop: "{{ groups['aap_controllers'] + groups['automation_hub'] }}"
      when:
        - (automation_hub|bool or eda|bool)

    - name: "Update CA trusts"
      ansible.builtin.command: /usr/bin/update-ca-trust
      when:
        - (automation_hub|bool or eda|bool)